Re: Theory Question
From: Jacques A. Vidrine (n@nectar.com)
Date: 04/08/01
Date: Sat, 7 Apr 2001 18:00:40 -0500
From: "Jacques A. Vidrine" <n@nectar.com>
To: John Howie <JHowie@msn.com>
On Sat, Apr 07, 2001 at 03:48:53PM -0700, John Howie wrote:
> Agreed! And the hacker would also need to have intimate knowledge of your
> network configuration to be able to supply the correct parameters to
> ifconfig in the scenario that Crist outlined.
Well, no. Arbitrary code is just that: arbitrary. Arbitrary code can
determine a working configuration for any network interface. And in
many cases it will not even be necessary to `ifconfig' the interface
to use it.
> One item that was missing from
> the original design was an exterior DMZ firewall (or perhaps I just missed
> that component) running NAT. Key to securing the infrastructure is making it
> as difficult as possible for a hacker to determine DMZ and production
> network topologies and machine addresses.
If the `key' to your security is obscurity of your internal network
configuration, expect to be compromised. This information is not hard
to obtain by a determined attacker, and technology is probably not
even an issue.
Cheers,
-- Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org